[acl-loader] modify acl-loader with change in STATE DB ACL capability…
… table (sonic-net#1896)

* [acl-loader] modify acl-loader with change in STATE DB ACL capability table

Signed-off-by: Stepan Blyshchak <stepanb@nvidia.com>
stepanblyschak authored Nov 23, 2021
1 parent a395e28 commit a0bff26
Showing 7 changed files with 60 additions and 27 deletions.
19 changes: 11 additions & 8 deletions acl_loader/main.py
Expand Up @@ -78,7 +78,8 @@ class AclLoader(object):
POLICER = "POLICER"
SESSION_PREFIX = "everflow"
SWITCH_CAPABILITY_TABLE = "SWITCH_CAPABILITY"
ACL_ACTIONS_CAPABILITY_FIELD = "ACL_ACTIONS"
ACL_STAGE_CAPABILITY_TABLE = "ACL_STAGE_CAPABILITY_TABLE"
ACL_ACTIONS_CAPABILITY_FIELD = "action_list"
ACL_ACTION_CAPABILITY_FIELD = "ACL_ACTION"

min_priority = 1
Expand Down Expand Up @@ -402,16 +403,18 @@ def validate_actions(self, table_name, action_props):
# Same information should be there in all state DB's
# as it is static information about switch capability
namespace_statedb = list(self.per_npu_statedb.values())[0]
capability = namespace_statedb.get_all(self.statedb.STATE_DB, "{}|switch".format(self.SWITCH_CAPABILITY_TABLE))
aclcapability = namespace_statedb.get_all(self.statedb.STATE_DB, "{}|{}".format(self.ACL_STAGE_CAPABILITY_TABLE, stage.upper()))
switchcapability = namespace_statedb.get_all(self.statedb.STATE_DB, "{}|switch".format(self.SWITCH_CAPABILITY_TABLE))
else:
capability = self.statedb.get_all(self.statedb.STATE_DB, "{}|switch".format(self.SWITCH_CAPABILITY_TABLE))
aclcapability = self.statedb.get_all(self.statedb.STATE_DB, "{}|{}".format(self.ACL_STAGE_CAPABILITY_TABLE, stage.upper()))
switchcapability = self.statedb.get_all(self.statedb.STATE_DB, "{}|switch".format(self.SWITCH_CAPABILITY_TABLE))
for action_key in dict(action_props):
key = "{}|{}".format(self.ACL_ACTIONS_CAPABILITY_FIELD, stage.upper())
if key not in capability:
action_list_key = self.ACL_ACTIONS_CAPABILITY_FIELD
if action_list_key not in aclcapability:
del action_props[action_key]
continue

values = capability[key].split(",")
values = aclcapability[action_list_key].split(",")
if action_key.upper() not in values:
del action_props[action_key]
continue
Expand All @@ -420,11 +423,11 @@ def validate_actions(self, table_name, action_props):
# Check if action_value is supported
action_value = action_props[action_key]
key = "{}|{}".format(self.ACL_ACTION_CAPABILITY_FIELD, action_key.upper())
if key not in capability:
if key not in switchcapability:
del action_props[action_key]
continue

if action_value not in capability[key]:
if action_value not in switchcapability[key]:
del action_props[action_key]
continue

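Review bot: The value check at the end of this section, `if action_value not in switchcapability[key]:`, is a substring test against the raw STATE_DB string, whereas the action-name check above it splits on commas first, so a fragment of a supported value would pass validation unless the lines hidden between the hunks already normalise it. Comparing against the split list, `if action_value not in switchcapability[key].split(","):`, would make the two checks consistent, assuming the field is comma-separated as the mock tables suggest. Separately, `action_list_key not in aclcapability` relies on `get_all` returning a mapping when the `ACL_STAGE_CAPABILITY_TABLE|<stage>` key is absent from STATE_DB; if it can return `None`, add `aclcapability = aclcapability or {}` so the rule is rejected rather than raising. `action_list_key` and that membership test do not depend on `action_key` and could be hoisted above the loop. validate_actions begins and ends outside the visible hunks.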
4 changes: 2 additions & 2 deletions tests/acl_loader_test.py
Expand Up @@ -35,7 +35,7 @@ def test_validate_mirror_action(self, acl_loader):
"mirror_egress_action": "everflow0"
}

# switch capability taken from mock_tables/state_db.json SWITCH_CAPABILITY table
# switch capability taken from mock_tables/state_db.json ACL_STAGE_CAPABILITY_TABLE table
assert acl_loader.validate_actions("EVERFLOW", ingress_mirror_rule_props)
assert not acl_loader.validate_actions("EVERFLOW", egress_mirror_rule_props)

Expand All @@ -50,7 +50,7 @@ def test_validate_mirror_action(self, acl_loader):
"PACKET_ACTION": "DROP"
}

# switch capability taken from mock_tables/state_db.json SWITCH_CAPABILITY table
# switch capability taken from mock_tables/state_db.json ACL_STAGE_CAPABILITY_TABLE table
assert acl_loader.validate_actions("DATAACL", forward_packet_action)
assert not acl_loader.validate_actions("DATAACL", drop_packet_action)

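Review bot: The reworded comment in the second hunk credits only ACL_STAGE_CAPABILITY_TABLE, but the DROP rejection asserted below it appears to come from `"ACL_ACTION|PACKET_ACTION": "FORWARD"` in `SWITCH_CAPABILITY|switch`, which validate_actions still reads for the value check. I would word it as `# action list from ACL_STAGE_CAPABILITY_TABLE, allowed values from SWITCH_CAPABILITY in mock_tables/state_db.json`. No case here covers a stage whose ACL_STAGE_CAPABILITY_TABLE entry is missing from STATE_DB; a test asserting that such a rule is rejected would pin the fail-closed behaviour of the new lookup. Both test functions continue outside the hunks.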
8 changes: 6 additions & 2 deletions tests/mock_tables/asic0/state_db.json
Expand Up @@ -65,10 +65,14 @@
"SWITCH_CAPABILITY|switch": {
"MIRROR": "true",
"MIRRORV6": "true",
"ACL_ACTIONS|INGRESS": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION",
"ACL_ACTIONS|EGRESS": "PACKET_ACTION,MIRROR_EGRESS_ACTION",
"ACL_ACTION|PACKET_ACTION": "FORWARD"
},
"ACL_STAGE_CAPABILITY_TABLE|INGRESS": {
"action_list": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION"
},
"ACL_STAGE_CAPABILITY_TABLE|EGRESS": {
"action_list": "PACKET_ACTION,MIRROR_EGRESS_ACTION"
},
"DEBUG_COUNTER_CAPABILITIES|PORT_INGRESS_DROPS": {
"reasons": "[IP_HEADER_ERROR,NO_L3_HEADER]",
"count": "4"
8 changes: 6 additions & 2 deletions tests/mock_tables/asic1/state_db.json
Expand Up @@ -65,10 +65,14 @@
"SWITCH_CAPABILITY|switch": {
"MIRROR": "true",
"MIRRORV6": "true",
"ACL_ACTIONS|INGRESS": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION",
"ACL_ACTIONS|EGRESS": "PACKET_ACTION,MIRROR_EGRESS_ACTION",
"ACL_ACTION|PACKET_ACTION": "FORWARD"
},
"ACL_STAGE_CAPABILITY_TABLE|INGRESS": {
"action_list": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION"
},
"ACL_STAGE_CAPABILITY_TABLE|EGRESS": {
"action_list": "PACKET_ACTION,MIRROR_EGRESS_ACTION"
},
"DEBUG_COUNTER_CAPABILITIES|PORT_INGRESS_DROPS": {
"reasons": "[IP_HEADER_ERROR,NO_L3_HEADER]",
"count": "4"
8 changes: 6 additions & 2 deletions tests/mock_tables/asic2/state_db.json
Expand Up @@ -65,10 +65,14 @@
"SWITCH_CAPABILITY|switch": {
"MIRROR": "true",
"MIRRORV6": "true",
"ACL_ACTIONS|INGRESS": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION",
"ACL_ACTIONS|EGRESS": "PACKET_ACTION,MIRROR_EGRESS_ACTION",
"ACL_ACTION|PACKET_ACTION": "FORWARD"
},
"ACL_STAGE_CAPABILITY_TABLE|INGRESS": {
"action_list": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION"
},
"ACL_STAGE_CAPABILITY_TABLE|EGRESS": {
"action_list": "PACKET_ACTION,MIRROR_EGRESS_ACTION"
},
"DEBUG_COUNTER_CAPABILITIES|PORT_INGRESS_DROPS": {
"reasons": "[IP_HEADER_ERROR,NO_L3_HEADER]",
"count": "4"
8 changes: 6 additions & 2 deletions tests/mock_tables/state_db.json
Expand Up @@ -286,10 +286,14 @@
"MIRRORV6": "true",
"PORT_TPID_CAPABLE": "true",
"LAG_TPID_CAPABLE": "true",
"ACL_ACTIONS|INGRESS": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION",
"ACL_ACTIONS|EGRESS": "PACKET_ACTION,MIRROR_EGRESS_ACTION",
"ACL_ACTION|PACKET_ACTION": "FORWARD"
},
"ACL_STAGE_CAPABILITY_TABLE|INGRESS": {
"action_list": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION"
},
"ACL_STAGE_CAPABILITY_TABLE|EGRESS": {
"action_list": "PACKET_ACTION,MIRROR_EGRESS_ACTION"
},
"DEBUG_COUNTER_CAPABILITIES|PORT_INGRESS_DROPS": {
"reasons": "[IP_HEADER_ERROR,NO_L3_HEADER]",
"count": "4"
32 changes: 23 additions & 9 deletions tests/mock_tables/t1/state_db.json
Expand Up @@ -6114,17 +6114,31 @@
},
"SWITCH_CAPABILITY|switch": {
"expireat": 1602454497.423883,
"ttl": -0.001,
"type": "hash",
"ttl": -0.001,
"type": "hash",
"value": {
"ACL_ACTIONS|EGRESS": "PACKET_ACTION",
"ACL_ACTIONS|INGRESS": "PACKET_ACTION,MIRROR_INGRESS_ACTION",
"ACL_ACTION|PACKET_ACTION": "DROP,FORWARD",
"MAX_NEXTHOP_GROUP_COUNT": "512",
"MIRROR": "true",
"MIRRORV6": "true"
"MAX_NEXTHOP_GROUP_COUNT": "512",
"MIRROR": "true",
"MIRRORV6": "true",
"PACKET_ACTION": "DROP,FORWARD"
}
},
"ACL_STAGE_CAPABILITY_TABLE|EGRESS": {
"expireat": 1602454497.423883,
"ttl": -0.001,
"type": "hash",
"value": {
"action_list": "PACKET_ACTION,MIRROR_INGRESS_ACTION"
}
},
"ACL_STAGE_CAPABILITY_TABLE|INGRESS": {
"expireat": 1602454497.423883,
"ttl": -0.001,
"type": "hash",
"value": {
"action_list": "PACKET_ACTION"
}
},
"TRANSCEIVER_DOM_SENSOR|Ethernet0": {
"expireat": 1602454497.4302251,
"ttl": -0.001,
Expand Down Expand Up @@ -7909,4 +7923,4 @@
"restore_count": "0"
}
}
}
}
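Review bot: In the `SWITCH_CAPABILITY|switch` entry the new side appears to replace `"ACL_ACTION|PACKET_ACTION": "DROP,FORWARD"` with a bare `"PACKET_ACTION": "DROP,FORWARD"`, yet acl_loader/main.py in this same commit still builds the lookup key as `ACL_ACTION|<ACTION>`, so with this fixture every packet action value would be treated as unsupported. The two added stage entries also look swapped relative to the removed fields: EGRESS now lists `PACKET_ACTION,MIRROR_INGRESS_ACTION` and INGRESS only `PACKET_ACTION`, the reverse of the old `ACL_ACTIONS|EGRESS` and `ACL_ACTIONS|INGRESS` values. If that is unintended, keep the key as `"ACL_ACTION|PACKET_ACTION"` and exchange the two `action_list` values. The old and new sides are inferred from the section's 23/9 counts, since the markers are lost in this rendering.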
